def add_forening_permission(request): user = User.objects.get(id=request.POST['user']) forening = Forening.objects.get(id=request.POST['forening']) role = request.POST['role'] if role not in [r[0] for r in ForeningRole.ROLE_CHOICES]: raise PermissionDenied # Verify that the user performing this action has the required permissions all_foreninger = request.user.all_foreninger() if role == 'admin': # Setting admin requires admin if forening not in [a for a in all_foreninger if a.role == 'admin']: raise PermissionDenied elif role == 'user': # Any role can set user if forening not in all_foreninger: raise PermissionDenied try: role = ForeningRole.objects.get(user=user, forening=forening) role.role = request.POST['role'] role.save() except ForeningRole.DoesNotExist: role = ForeningRole(user=user, forening=forening, role=request.POST['role']) role.save() if request.POST.get('send_email', '') != '': if user.get_sherpa_email() == '': messages.warning(request, 'no_email_for_user') else: if send_access_granted_email(user, forening, request.user): messages.info(request, 'access_email_success') else: messages.warning(request, 'access_email_failure') cache.delete('user.%s.all_foreninger' % user.id) cache.delete('user.%s.children_foreninger' % user.id) return redirect('%s#tilganger' % reverse('admin:users.show', args=[user.id]))
def friendlyrole(role): return ForeningRole.friendly_role(role)
def create(request, forening_id): current_forening = Forening.objects.get(id=forening_id) if current_forening not in request.user.all_foreninger(): raise PermissionDenied # The parent choices are tricky to define in the forms API, so do it here. # Note that we're intentionally letting users choose parents among only those they have permission to. all_sorted = request.user.all_foreninger_sorted() parents_choices = { 'forening': all_sorted['forening'], 'turlag': all_sorted['turlag'], } # If the parent of the current forening isn't in the user's permissions, we still need to include that one as an # available parent so that they're able to make changes. if current_forening.type != 'sentral': for current_parent in current_forening.get_main_foreninger(): if current_parent not in parents_choices['forening'] and current_parent not in parents_choices['turlag']: parents_choices[current_parent.type].append(current_parent) form = CreateForeningForm(request.user, initial={ 'zipcode': '', }) context = { 'current_forening': current_forening, 'parents_choices': parents_choices, 'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH, 'form': form, } # Give URLPicker the homepage site for the current forening. If they don't have one, just use the central site relevant_site = current_forening.get_homepage_site() or Site.get_central() context.update(url_picker_context(relevant_site)) if request.method == 'GET': return render(request, 'central/admin/foreninger/create.html', context) elif request.method == 'POST': form = CreateForeningForm(request.user, request.POST) if form.is_valid(): forening = Forening() forening.name = form.cleaned_data['name'] forening.type = form.cleaned_data['type'] if forening.type == 'turgruppe': forening.group_type = form.cleaned_data['group_type'] else: forening.group_type = '' forening.save() # Set M2M-fields after the initial db-save forening.parents = form.cleaned_data['parents'] # Ensure the Turbasen object is re-saved with applicable M2M-relations forening.save_turbasen_object() # Add the current user as admin on the new forening role = ForeningRole( user=request.user, forening=forening, role='admin', ) role.save() # FIXME: We can't delete the permission cache for all users, so some may find that they can't edit # the new forening even though they should be able, until the cache (which is currently 24h) expires. cache.delete('user.%s.all_foreninger' % request.user.id) messages.info(request, 'forening_create_success') request.session['active_forening'] = forening.id cache.delete('foreninger.all.sorted_by_name') cache.delete('foreninger.all.sorted_by_type') cache.delete('foreninger.rendered_select') cache.delete('forening.%s' % forening.id) cache.delete('forening.main_foreninger.%s' % forening.id) return redirect('admin:foreninger.edit', forening.id) else: context.update({'form': form}) return render(request, 'central/admin/foreninger/create.html', context) else: return redirect('admin:foreninger.create', current_forening.id)
def users_give_access(request, forening_id): current_forening = Forening.objects.get(id=forening_id) if current_forening not in request.user.all_foreninger(): raise PermissionDenied wanted_role = request.POST['wanted_role'] if wanted_role not in [role[0] for role in ForeningRole.ROLE_CHOICES]: raise PermissionDenied # Verify that the user has the same access that they're giving passed = False for forening in request.user.all_foreninger(): if forening == request.active_forening: if wanted_role == 'admin' and forening.role == 'user': raise PermissionDenied else: passed = True if not passed: raise PermissionDenied other_user = User.get_users(include_pending=True).get(id=request.POST['user']) if other_user.has_perm('sherpa_admin'): messages.info(request, 'user_is_sherpa_admin') return redirect('admin:foreninger.users', current_forening.id) # Adding the sherpa permission, if missing, is implicit - and informed about client-side if not other_user.has_perm('sherpa'): p = Permission.objects.get(name='sherpa') other_user.permissions.add(p) for forening in other_user.all_foreninger(): if forening == request.active_forening: # The user already has access to this forening if forening.role == 'user' and wanted_role == 'admin': # But it's a user role and we want admin! Update it. forening_role = ForeningRole.objects.get(user=other_user, forening=forening) forening_role.role = 'admin' forening_role.save() messages.info(request, 'permission_created') elif forening.role == 'admin' and wanted_role == 'user': # We want user access, but they have admin. Chcek if it's an explicit relationship: try: forening_role = ForeningRole.objects.get(user=other_user, forening=forening) forening_role.role = 'user' forening_role.save() messages.info(request, 'permission_created') except ForeningRole.DoesNotExist: # No explicit relationship, so the user must have admin access to a parent messages.info(request, 'user_has_admin_in_parent') else: # In this case, forening.role should equal wanted_role, so just inform the user that all is in order messages.info(request, 'equal_permission_already_exists') cache.delete('user.%s.all_foreninger' % other_user.id) return redirect('admin:foreninger.users', current_forening.id) # If we reach this code path, this is a new relationship - create it forening_role = ForeningRole( user=other_user, forening=request.active_forening, role=wanted_role, ) forening_role.save() if request.POST.get('send_email', '') != '': if send_access_granted_email(other_user, request.active_forening, request.user): messages.info(request, 'access_email_success') else: messages.warning(request, 'access_email_failure') messages.info(request, 'permission_created') cache.delete('user.%s.all_foreninger' % other_user.id) return redirect('admin:foreninger.users', current_forening.id)
def index(request, forening_id): current_forening = Forening.objects.get(id=forening_id) if current_forening not in request.user.all_foreninger(): raise PermissionDenied forening_users = list(User.objects.filter(foreninger=current_forening)) forening_users_by_parent = [] parent_ids = [p.id for p in current_forening.get_parents_deep()] forening_users_by_parent_all = list(User.objects.filter(foreninger__in=parent_ids)) # Prefetch and cache the actors memberids = [u.memberid for u in (forening_users + forening_users_by_parent)] for actor in Actor.get_personal_members().filter(memberid__in=memberids): cache.set('actor.%s' % actor.memberid, actor, settings.FOCUS_MEMBER_CACHE_PERIOD) # Safe to iterate without having n+1 issues # Filter on admins forening_users_by_parent = [] for user in forening_users_by_parent_all: for forening in user.all_foreninger(): if forening == current_forening and forening.role == 'admin': forening_users_by_parent.append(user) forening_users = sorted(forening_users, key=lambda u: u.get_full_name()) forening_users_by_parent = sorted(forening_users_by_parent, key=lambda u: u.get_full_name()) sherpa_admins = sorted(User.objects.filter(permissions__name='sherpa_admin'), key=lambda u: u.get_full_name()) # The parent choices are tricky to define in the forms API, so do it here. # Note that we're intentionally letting users choose parents among only those they have permission to. all_sorted = request.user.all_foreninger_sorted() parents_choices = { 'forening': all_sorted['forening'], 'turlag': all_sorted['turlag'], } # If the parent of the current forening isn't in the user's permissions, we still need to include that one as an # available parent so that they're able to make changes. if current_forening.type != 'sentral': for current_parent in current_forening.get_main_foreninger(): if current_parent not in parents_choices['forening'] and current_parent not in parents_choices['turlag']: parents_choices[current_parent.type].append(current_parent) context = { 'current_forening': current_forening, 'forening_users': forening_users, 'forening_users_by_parent': forening_users_by_parent, 'sherpa_admins': sherpa_admins, 'parents_choices': parents_choices, 'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH } zipcode = current_forening.zipcode edit_form_zipcode_area = zipcode.area if zipcode is not None else '' if current_forening.contact_person is not None: choose_contact = 'person' contact_person = current_forening.contact_person.id contact_person_name = current_forening.contact_person.get_full_name() phone = current_forening.contact_person.get_phone_mobile() email = current_forening.contact_person.get_sherpa_email() elif current_forening.contact_person_name != '': choose_contact = 'person' contact_person = None contact_person_name = current_forening.contact_person_name phone = current_forening.phone email = current_forening.email else: choose_contact = 'forening' contact_person = None contact_person_name = '' phone = current_forening.phone email = current_forening.email edit_form = ExistingForeningDataForm(request.user, prefix='edit', initial={ 'forening': current_forening.id, 'parents': current_forening.parents.all(), 'name': current_forening.name, 'type': current_forening.type, 'group_type': current_forening.group_type, 'post_address': current_forening.post_address, 'visit_address': current_forening.visit_address, 'zipcode': zipcode.zipcode if zipcode is not None else '', 'counties': current_forening.counties.all(), 'choose_contact': choose_contact, 'contact_person': contact_person, 'contact_person_name': contact_person_name, 'phone': phone, 'email': email, 'organization_no': current_forening.organization_no, 'gmap_url': current_forening.gmap_url, 'facebook_url': current_forening.facebook_url, }) create_form = ForeningDataForm(request.user, prefix='create', initial={ 'zipcode': '', }) context.update({ 'edit_form': edit_form, 'create_form': create_form, 'edit_form_zipcode_area': edit_form_zipcode_area, }) if request.method == 'GET': return render(request, 'common/admin/forening/index.html', context) elif request.method == 'POST': if request.POST.get('form') == 'edit': edit_form = ExistingForeningDataForm(request.user, request.POST, prefix='edit') if edit_form.is_valid(): forening = edit_form.cleaned_data['forening'] forening.parents = edit_form.cleaned_data['parents'] forening.name = edit_form.cleaned_data['name'] forening.type = edit_form.cleaned_data['type'] if forening.type == 'turgruppe': forening.group_type = edit_form.cleaned_data['group_type'] else: forening.group_type = '' forening.post_address = edit_form.cleaned_data['post_address'] forening.visit_address = edit_form.cleaned_data['visit_address'] forening.zipcode = edit_form.cleaned_data['zipcode'] forening.counties = edit_form.cleaned_data['counties'] if edit_form.cleaned_data['choose_contact'] == 'person': if edit_form.cleaned_data['contact_person'] is not None: forening.contact_person = edit_form.cleaned_data['contact_person'] forening.contact_person_name = '' else: forening.contact_person = None forening.contact_person_name = edit_form.cleaned_data['contact_person_name'] else: forening.contact_person = None forening.contact_person_name = '' forening.phone = edit_form.cleaned_data['phone'] forening.email = edit_form.cleaned_data['email'] forening.organization_no = edit_form.cleaned_data['organization_no'] forening.gmap_url = edit_form.cleaned_data['gmap_url'] forening.facebook_url = edit_form.cleaned_data['facebook_url'] forening.save() messages.info(request, 'forening_save_success') cache.delete('foreninger.all.sorted_by_name') cache.delete('foreninger.all.sorted_by_name.with_active_url') cache.delete('foreninger.all.sorted_by_type') cache.delete('forening.%s' % forening.id) cache.delete('forening.main_foreninger.%s' % forening.id) return redirect('admin.forening.views.index', current_forening.id) else: context.update({'edit_form': edit_form}) return render(request, 'common/admin/forening/index.html', context) elif request.POST.get('form') == 'create': create_form = ForeningDataForm(request.user, request.POST, prefix='create') if create_form.is_valid(): forening = Forening() forening.name = create_form.cleaned_data['name'] forening.type = create_form.cleaned_data['type'] if forening.type == 'turgruppe': forening.group_type = create_form.cleaned_data['group_type'] else: forening.group_type = '' forening.post_address = create_form.cleaned_data['post_address'] forening.visit_address = create_form.cleaned_data['visit_address'] forening.zipcode = create_form.cleaned_data['zipcode'] if create_form.cleaned_data['choose_contact'] == 'person': if create_form.cleaned_data['contact_person'] is not None: forening.contact_person = create_form.cleaned_data['contact_person'] forening.contact_person_name = '' else: forening.contact_person = None forening.contact_person_name = create_form.cleaned_data['contact_person_name'] else: forening.contact_person = None forening.contact_person_name = '' forening.phone = create_form.cleaned_data['phone'] forening.email = create_form.cleaned_data['email'] forening.organization_no = create_form.cleaned_data['organization_no'] forening.gmap_url = create_form.cleaned_data['gmap_url'] forening.facebook_url = create_form.cleaned_data['facebook_url'] forening.save() # Set M2M-fields after the initial db-save forening.parents = create_form.cleaned_data['parents'] forening.counties = create_form.cleaned_data['counties'] # Add the current user as admin on the new forening role = ForeningRole( user=request.user, forening=forening, role='admin', ) role.save() # FIXME: We can't delete the permission cache for all users, so some may find that they can't edit # the new forening even though they should be able, until the cache (which is currently 24h) expires. cache.delete('user.%s.all_foreninger' % request.user.id) messages.info(request, 'forening_create_success') request.session['active_forening'] = forening.id cache.delete('foreninger.all.sorted_by_name') cache.delete('foreninger.all.sorted_by_name.with_active_url') cache.delete('foreninger.all.sorted_by_type') cache.delete('forening.%s' % forening.id) cache.delete('forening.main_foreninger.%s' % forening.id) # Since GET url == POST url, we need to specifically set the tab hashtag we want, or the existing # one (create) will be kept return redirect('%s#metadata' % reverse('admin.forening.views.index', args=[current_forening.id])) else: context.update({'create_form': create_form}) return render(request, 'common/admin/forening/index.html', context) else: return redirect('admin.forening.views.index', current_forening.id)